Commit graph

2356 commits

Author SHA1 Message Date
Georg Lauterbach dc8a08031f
release: v12.0.0 (#3146)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: casperklein <casperklein@users.noreply.github.com>
2023-04-10 10:32:33 +02:00
Georg Lauterbach fedc3b3ee0
docs: update docs that cite compose files (#3234) 2023-04-09 11:42:50 +02:00
Georg Lauterbach 2b7cab28f7
compress & improve user management docs (#3232)
The user management docs are now one page, because the division between
accounts and aliases is useless because there simply isn't enough
content to justify the split. I improved and updated the text a bit.
2023-04-09 09:27:00 +00:00
Georg Lauterbach adb38207ad
add a note about TLS to "Usage" page (#3236) 2023-04-09 09:54:35 +12:00
Brennan Kinney 0c0f55f4e8
chore: Remove domainname field from example compose (#3230)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-04-08 12:01:46 +02:00
Georg Lauterbach cf8e555212
docs: miscellaneous improvements (#3219)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-04-08 11:54:16 +02:00
Georg Lauterbach a9515b49c2
follow-up to #3225 (#3229)
Misc spelling fixes and resolved imprecise statements. Shortened the bug
report introduction a bit further and added a statement about being
precise to all templates.
2023-04-07 11:58:51 +02:00
Georg Lauterbach e4543da4d5
GitHub/CI: issue templates improvements (#3225) 2023-04-06 19:28:33 +02:00
dependabot[bot] 637d27efc7
chore(deps): Bump peaceiris/actions-gh-pages from 3.9.2 to 3.9.3 (#3216) 2023-04-03 15:22:52 +02:00
dependabot[bot] 69031b969d
chore(deps): Bump anchore/scan-action from 3.3.4 to 3.3.5 (#3217) 2023-04-03 15:00:45 +02:00
github-actions[bot] 78c3200b7c
docs(CONTRIBUTORS): update contributors (#3210)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-04-01 16:23:55 +13:00
Georg Lauterbach 585a2d64d2
config: remove chroot for Dovecot & PostSRSd (#3208)
* remove PostSRSd chroot
* remove chroot for Dovecot

A dedicated file for Dovecot's chroot environments is easier to handle
and adjust later.
2023-03-31 12:17:44 +02:00
dependabot[bot] 1c231053d0
chore(deps): Bump actions/stale from 7 to 8 (#3205)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-28 01:28:18 +02:00
Casper f4fe5bf527
Update SA_KILL values; follow up to #3058 (#3204) 2023-03-27 01:59:43 +02:00
Casper 6fa06f4986
Fix: only chmod when there are files (#3203) 2023-03-26 20:30:34 +08:00
Jack Pearson e12b032f77
docs: Change edge version links to latest + fix links intended as relative not absolute (#3190)
* docs: change some absolute links to relative links

* docs: change most hard-coded links to `edge` to point to `latest`

* Apply suggestions from code review

* docs: revert 404 page to edge and change canonical link to `latest

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-03-22 23:43:10 +13:00
Jack Pearson b3249fada7
docs: move make build instruction from paragraph into list (#3193)
* docs: move `make build` instruction from paragraph into list

* Update docs/content/contributing/tests.md

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-03-21 18:14:10 +13:00
Jack Pearson 1bd25d5e74
docs: Add FAQ entry for troubleshooting delivery (#3192)
* docs: add faq for email deliverability

* Apply suggestions from code review

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-03-21 02:56:54 +00:00
Jack Pearson d770c67a2d
ci(docs): Update latest symlink via docs-production-deploy workflow (#3183) 2023-03-20 11:37:24 +13:00
Georg Lauterbach e58dd1b95b
Rspamd: more features (#3159) 2023-03-18 23:32:48 +08:00
dependabot[bot] e890ba46a3
chore(deps): Bump docker/setup-buildx-action from 2.4.1 to 2.5.0 (#3176)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-14 11:45:27 +13:00
Casper 6c97a505be
fix: postsrsd restart loop (#3160) 2023-03-13 12:39:03 +13:00
Lin Han f19006bd72
doc: a ip -> an ip (#3175)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2023-03-12 12:59:43 +01:00
Casper 2da3e1b022
fix: SRS setup (#3158) 2023-03-12 12:10:45 +01:00
Jack Pearson 0baf82f7d0
fix: TLS setup (self-signed) error message should include SS_CA_CERT (#3168) 2023-03-10 18:25:46 +13:00
Georg Lauterbach dab70709d9
scripts: improve panic helpers (#3155) 2023-03-06 10:06:50 +01:00
Georg Lauterbach b5fc40eb7a
fix regression introduced in #3153 (#3157) 2023-03-05 22:23:25 +01:00
Casper a8f6fa6181
DRY: Replace path with variable in mail_state.sh (#3153) 2023-03-05 16:59:01 +01:00
Georg Lauterbach 4e9ffbf224
fix(Postfix): special bits for maildrop and public directory (#3149)
* fixed special bits for maildrop and public dir

After changing the group, special bits are lost, but they should be set for the directories `/var/spool/postfix/{maildrop,public}`, otherwise you see the following error:

```
postfix/postdrop[17400]: warning: mail_queue_enter: create file maildrop/729504.17400: Permission denied
```

* fix: Match octal permissions originally provided

Officially Postfix source seems to imply:
- `730` for `maildrop/` (_but has mentioned a sticky bit in the past, set-gid bit only for the postdrop binary involved_)
- `710` for `public/`

Both folders are assigned the same group that `postdrop` belongs to which has the SGID permission for it's executable. SGID special bit on`public/` doesn't seem necessary, but left as-is to match the default from Debian.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-03-05 20:57:40 +13:00
Georg Lauterbach 2234a53b60
docs: improve Rspamd docs (#3147) 2023-03-05 06:23:11 +00:00
Georg Lauterbach 8ec5dbec74
scripts: touchups for v12.0.0 (#3144) 2023-03-04 10:57:42 +01:00
Georg Lauterbach 5e9849d94f
rspamd: rename ENABLE_REDIS & add persistence for Redis (#3143) 2023-03-04 10:45:43 +01:00
Georg Lauterbach f0edcc28d9
config: ensure SASL socket file is not inside a volume mount (#3131) 2023-03-03 23:42:55 +01:00
Brennan Kinney 9a9380150e
fix: Avoid creating an unnecessary syslog socket for Postfix (#3134)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-03-03 23:08:51 +01:00
Georg Lauterbach 5ec6845c96
config/ENV: improve Postfix config for spoof protection (#3127) 2023-03-03 15:55:32 +01:00
Brennan Kinney aa4d4fe315
ci(fix): Only apply permissions at the job level (#3142)
If permissions are specified at the workflow level, any that are not explicitly set became `none` and jobs cannot request that to change.

Permissions are therefore scoped to the job itself.
2023-03-03 15:32:00 +01:00
Georg Lauterbach 9e2f96448a
scripts: remove PostSRSD wrapper (#3128)
* remove PostSRSD wrapper

The setup is now completely done during _actual_ setup phase. The
wrapper did not even catch signals (SIGINT, etc.), which I think is
strange.

I also added all the ENVs the wrapper relied on (which previously could
have been unset) to the variables script.

* forgot adjusting the `Dockerfile`
2023-03-02 17:44:01 +01:00
github-actions[bot] b451742f0a
docs(CONTRIBUTORS): update contributors (#3135)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-03-01 16:36:54 +01:00
Georg Lauterbach f3edcf9cd5
issue warning in case of improper restart (#3129) 2023-03-01 16:33:54 +01:00
Georg Lauterbach 0949f16344
scripts/ENV: make disabling Redis possible (#3132)
* make disabling Redis possible

* add documentation

* Apply suggestions from code review

* Update docs/content/config/environment.md

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-03-01 16:24:59 +01:00
Georg Lauterbach dfc2b39308
scripts: housekeeping & cleanup setup (2/2) (#3123) 2023-02-28 10:25:23 +01:00
Georg Lauterbach 9ead9a54ac
scripts: follow up of #3115 (feedback) (#3124) 2023-02-27 23:37:35 +01:00
Georg Lauterbach 4b04c3e31c
scripts: housekeeping & cleanup setup (1/2) (#3121) 2023-02-27 20:21:45 +01:00
Georg Lauterbach f35b60042f
scripts: split setup-stack.sh (#3115) 2023-02-26 11:42:14 +01:00
Brennan Kinney 1592698637
fix: Postfix service should proxy signals received (#3118)
`postfix start-fg` was not properly responding to signals received to stop. This caused `supervisorctl restart postfix` and `supervisor stop postfix` to not work as expected (_stopping the Postfix master process, before attempting to start the service again_).

Supervisor does not support custom commands for restarting or stopping a service, relying only on managing the process via  a signal. In the past we used a wrapper script to TRAP the signals and trigger commands that way.

However there is a feature which allows us to proxy signals to a different process by referencing a PID file. As Postfix master process creates a pid file when started, we can avoid a wrapper script and the `supervisorctl` functionality works as intended 👍
2023-02-26 19:32:53 +13:00
Georg Lauterbach ae05e6a7c3
tests: improve _send_email (#3105) 2023-02-24 10:44:18 +01:00
Dmitry R 199e3c7721
config: disable SMTP authentication on port 25 (#3006)
* postfix: remove smtpd_sasl_auth_enable global setting

* tests: disable auth on 25 port

* tests: revert ldap-smtp-auth-spoofed-sender-with-filter-exception.txt

* Skip failing test

The test seems to have been broken from the beginning.

Sadly, no LDAP maintainers can verify. Added a TODO item if ever a LDAP maintainer comes around.

* Apply PR feedback

---------

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-02-23 15:19:39 +01:00
Georg Lauterbach 4e82d4de54
ci/docs: add vulnerability scanning workflow & security policy (#3106) 2023-02-23 08:53:12 +01:00
Georg Lauterbach 972406099e
docs: add docs about Abusix integration into Rspamd (#3104) 2023-02-22 10:46:24 +01:00
Georg Lauterbach 35692a9111
ci: refactored sedfile & used _send_mail where possible (#3103)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-02-22 10:26:04 +01:00